
I am trying to implement a load balancer based on the health check.

If one of the cluster ingresses goes down, traffic has to be routed to the other cluster ingress.

I did the following

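# Active/passive pair: "secondary" is tried only while "primary" is
# considered unavailable.
upstream backend {
 # Server parameters are separated by spaces (no comma), and the failure
 # window is spelled fail_timeout: 2 failed attempts within 2s mark the
 # server unavailable for the following 2s.
 server primary max_fails=2 fail_timeout=2s;
 server secondary backup;
}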

location / {
    # DNS server nginx uses for names it has to look up at request time.
    resolver dns-default.openshift-dns;

    proxy_pass https://backend;
    proxy_pass_request_headers on;

    # Both the TLS SNI name and the Host header have to name the ingress that
    # actually receives the request; the placeholders are the open question.
    proxy_ssl_server_name on;
    proxy_ssl_name <active_ingress_dns??>;
    proxy_set_header Host <active_ingress_dns??>;

    # NOTE(review): proxy_ssl_verify is off by default, so the certificate
    # presented by the ingress is not checked here. Once the name is settled,
    # consider enabling proxy_ssl_verify together with
    # proxy_ssl_trusted_certificate so the hop is authenticated as well as
    # encrypted.
}

I am stuck on how to get the active ingress DNS name. It is needed to set the proxy SSL name and the Host header in the location block above; without it I always get a 502 Bad Gateway error.

I tried with map blocks

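# Intended to translate the selected upstream peer into its ingress host name.
# NOTE(review): $upstream_addr holds "ip:port", and becomes a comma-separated
# list once more than one peer has been tried, so bare-IP keys cannot match
# reliably; that fits the inconsistent values described. The variable is also
# only filled in after a peer has been chosen, which is presumably too late
# for proxy_ssl_name / proxy_set_header (verify).
map $upstream_addr $aidns {
 # Every map entry has to be terminated with ';'.
 121.12.11.12 "primary.com";
 123.23.32.12 "secondary.com";
}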

but $aidns is not consistent. Sometimes it prints the upstream name, and sometimes the IP together with the upstream name.

Is there any way that I can get the domain name consistently?

Or is there any workaround so that I can route the request to the healthy ingress in OpenResty?

-----------------Edit------------------

I followed the below link

https://stackoverflow.com/a/66867196/1016033

With that, I am getting the error below. (FYI: I am doing this on my local machine with Docker Desktop.)

web-1 | 2024/10/08 01:08:24 [emerg] 12#12: bind() to 10.101.121.15:443 failed (99: Cannot assign requested address) web-1 | nginx: [emerg] bind() to 10.111.121.13:443 failed (99: Cannot assign requested address)

    # Second attempt: one server block per ingress plus a plain-HTTP entry
    # point on 8080. Review notes are inline; the directives are unchanged.
    http {
      upstream backend {
          server cluster_1.ingress.com:443;
          # NOTE(review): the ';' directly after ':443' ends the server
          # directive, so max_fails/fail_timeout are not parsed as its
          # parameters.
          server cluster_2.ingress.com:443; max_fails=2 fail_timeout=1s;
      }


      server {
            # NOTE(review): listen binds a LOCAL address. This name resolves to
            # the remote ingress IP, which is not assigned inside the
            # container; that is consistent with the reported
            # "bind() ... failed (99: Cannot assign requested address)".
            listen cluster_1.ingress.com:443;
            location / {
         resolver dns-default.openshift-dns;
         proxy_pass https://backend;

                   proxy_pass_request_headers on;
                   proxy_ssl_server_name on;
                   # NOTE(review): SNI and Host are fixed to cluster_1 although
                   # the upstream group may pick cluster_2, so that peer would
                   # be addressed with the wrong name.
                   proxy_ssl_name cluster_1.ingress.com;
                   proxy_set_header Host cluster_1.ingress.com;
                   # NOTE(review): proxy_ssl_verify is not set (default off),
                   # so the upstream certificate is not checked on this hop.
            }
      }

         server {
                  # Same local-bind problem as above; no port is given here.
                  listen cluster_2.ingress.com;
                  location / {
                       resolver dns-default.openshift-dns;
                      # NOTE(review): &quot; looks like an HTML-escaped double
                      # quote left over from copying; nginx expects a plain ".
                      proxy_pass &quot;https://cluster_2.ingress.com&quot;;        
                   proxy_pass_request_headers on;
                   proxy_ssl_server_name on;
                   proxy_ssl_name cluster_2.ingress.com;
                   proxy_set_header Host cluster_2.ingress.com;
                  }
            }


    # Plain-HTTP entry point that clients are meant to reach.
    server {
         listen 8080 default_server;
         listen [::]:8080 default_server;
         root /usr/share/nginx/html;
         server_name _;

         # NOTE(review): browsers reject credentialed responses whose
         # Access-Control-Allow-Origin is "*". If credentials are required,
         # return an origin from an explicit allow-list rather than echoing
         # the request's Origin header. Only the first add_header carries
         # "always"; the others are omitted on error responses.
         add_header Access-Control-Allow-Origin * always;
         add_header Access-Control-Allow-Credentials true;
         add_header Access-Control-Allow-Headers Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range;
         add_header Access-Control-Allow-Methods GET,POST,OPTIONS,PUT,DELETE,PATCH;


         location / {
                   resolver dns-default.openshift-dns;
         # NOTE(review): no $backend variable is defined in the config shown;
         # presumably the upstream group was meant (a URL with a scheme).
         proxy_pass $backend;
         }

  }
}

Ram

1 Answer


Use intermediate server blocks.

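# The peers are local hops (one loopback listener per ingress), not the
# ingresses themselves, so each hop can set its own SNI name and Host header.
upstream backend {
  # Server parameters are separated by spaces, and the failure window is
  # fail_timeout (there is no "timeout" parameter): after 2 failed attempts
  # within 2s the primary is skipped for the next 2s.
  server 127.0.0.1:10001 max_fails=2 fail_timeout=2s;
  # Receives traffic only while the primary is marked unavailable.
  server 127.0.0.1:10002 backup;
}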

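server {
  # ... (listen / server_name of the client-facing server)

  location / {
    # Plain http on purpose: this hop stays on the loopback interface, and
    # TLS towards the ingress is added by the intermediate servers.
    proxy_pass http://backend;

    # A dead ingress reaches this proxy as a 502/504 answered by the local
    # intermediate server, not as a connection error. With the default
    # ("error timeout") that response would be returned to the client as-is,
    # so these statuses must count as failures for max_fails and the backup
    # peer to take effect. Non-idempotent requests (e.g. POST) are still not
    # retried once they have been sent upstream.
    proxy_next_upstream error timeout http_502 http_504;
  }
}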

# Local hop for cluster 1. Bound to loopback, so it is reachable only from
# this nginx instance.
server {
  listen 127.0.0.1:10001;

  location / {
    # With a literal host in proxy_pass, nginx sends that host as the Host
    # header by default, and proxy_ssl_server_name makes it the SNI name too.
    proxy_ssl_server_name on;
    proxy_pass https://cluster_1.ingress.com;

    # NOTE(review): the ingress certificate is not verified unless
    # proxy_ssl_verify is enabled (default off). To authenticate the hop:
    # proxy_ssl_verify on;
    # proxy_ssl_trusted_certificate /path/to/ca-bundle.pem;  # placeholder path
  }
}

# Local hop for cluster 2 (the backup peer). Bound to loopback, so it is
# reachable only from this nginx instance.
server {
  listen 127.0.0.1:10002;

  location / {
    # With a literal host in proxy_pass, nginx sends that host as the Host
    # header by default, and proxy_ssl_server_name makes it the SNI name too.
    proxy_ssl_server_name on;
    proxy_pass https://cluster_2.ingress.com;

    # NOTE(review): the ingress certificate is not verified unless
    # proxy_ssl_verify is enabled (default off). To authenticate the hop:
    # proxy_ssl_verify on;
    # proxy_ssl_trusted_certificate /path/to/ca-bundle.pem;  # placeholder path
  }
}

Alexey Ten